Computer Security - Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability |
#1
|
Affects: IE, Firefox, etc
Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability

"Multiple web browser products are susceptible to a JavaScript key-filtering vulnerability. This issue is due to the failure of the browsers to securely handle keystroke input from users.

This issue is demonstrated to allow attackers to divert keystrokes from one input form in a webpage to a hidden file upload dialog in the same page. This may allow remote attackers to initiate file uploads from unsuspecting users. Other attacks may also be possible.

Exploiting this issue requires that users manually type the full path of files that attackers wish to download. This may require substantial typing from targeted users, so keyboard-based games, blogs, or other similar pages are likely to be utilized by attackers to entice users to enter the required keyboard input to exploit this issue.

Mozilla Suite, Mozilla Firefox, Mozilla SeaMonkey, Netscape Navigator, and Microsoft Internet Explorer are all reportedly vulnerable to this issue."

http://www.securityfocus.com/bid/18308/discuss

--
Imhotep
|
|
|
|
#2
|
|
imhotep wrote:
> This issue is demonstrated to allow attackers to divert keystrokes from one
> input form in a webpage to a hidden file upload dialog in the same page.
> This may allow remote attackers to initiate file uploads from unsuspecting
> users. Other attacks may also be possible.

Where exactly is the vulnerability? It's the same as entering the data into an invisible form. It's purely PEBKAC.

> Exploiting this issue requires that users manually type the full path of
> files that attackers wish to download. This may require substantial typing
> from targeted users, so keyboard-based games, blogs, or other similar pages
> are likely to be utilized by attackers to entice users to enter the
> required keyboard input to exploit this issue.

What about keystroke sniffing across frames and domains? For IE this is actually told to be a feature, like any other phishing support. Now this is a serious problem because one can spoof the address bar on IE as well and you'll get the SSL lock for free.

<script>
var keylog='Capturing: ';
document.onkeypress = function () {
  k = window.event.keyCode;
  window.status = keylog += String.fromCharCode(k) + '[' + k +']';}
</script>
<frameset onLoad="this.focus();" onBlur="this.focus();" cols="100%,*">
<frame src="https://www.paypal.com" scrolling="auto">
</frameset>

BTW, [X] Tell news!

Sebastian Gottschalk
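Added example, not code from the thread, the advisory or any browser vendor: a small Node.js script that statically audits page markup for the pattern described in post #1 (a file input styled so the user cannot see it) and the one shown in post #2 (a page-wide key handler, an onblur focus trap and a frame loading another host), so a reviewer or a crawler can flag pages worth a closer look. The sample documents, the host names and the function names auditHtml and hostOf are constructed for this example; the checks are regex heuristics over raw HTML, not a DOM parse, and will miss obfuscated or script-generated markup.

```javascript
// Added example (not from the thread): heuristic audit of raw HTML for the
// keystroke-diversion pattern discussed above. Samples below are constructed.

// Constructed sample 1: an ordinary form whose file input is visible.
const SAMPLE_BENIGN = `
<html><body>
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
  <input type="file" name="avatar">
</form>
</body></html>`;

// Constructed sample 2: page-wide key handler, file input pushed off-screen,
// focus trap on blur, and a frame that loads a different host.
const SAMPLE_SUSPICIOUS = `
<html><body onblur="this.focus();">
<script>
document.onkeypress = function () { /* keystrokes handled page-wide */ };
</script>
<input type="file" name="f" style="position:absolute; left:-9999px; opacity:0">
<iframe src="https://bank.example/login"></iframe>
</body></html>`;

// Inline styles that make an element effectively invisible to the user.
const HIDDEN_STYLE = /display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])|(?:left|top)\s*:\s*-\d+|(?:width|height)\s*:\s*0(?![.\d])/i;

// Host part of a URL, or null when the string is not an absolute URL.
function hostOf(url) {
  try { return new URL(url).host.toLowerCase(); } catch (e) { return null; }
}

// pageOrigin is assumed to be supplied by the caller (the URL the page was fetched from).
function auditHtml(html, pageOrigin) {
  const findings = [];
  const pageHost = hostOf(pageOrigin);

  // 1. <input type="file"> elements that are hidden or moved off-screen.
  for (const m of html.matchAll(/<input\b[^>]*>/gi)) {
    const tag = m[0];
    if (!/\btype\s*=\s*["']?file\b/i.test(tag)) continue;
    if (HIDDEN_STYLE.test(tag) || /\bhidden\b/i.test(tag)) {
      findings.push({ kind: 'hidden-file-input', detail: tag.trim() });
    }
  }

  // 2. A document-, window- or body-wide key handler (the capture used in post #2).
  if (/\b(document|window|body)\.onkey(press|down|up)\s*=/i.test(html) ||
      /addEventListener\s*\(\s*["']key(press|down|up)["']/i.test(html)) {
    findings.push({ kind: 'global-key-handler' });
  }

  // 3. A focus trap: an onblur handler that immediately refocuses the element.
  if (/onblur\s*=\s*["'][^"']*\.focus\s*\(/i.test(html)) {
    findings.push({ kind: 'focus-trap' });
  }

  // 4. Frames whose source is a different host than the page itself.
  for (const m of html.matchAll(/<(?:i?frame)\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi)) {
    const host = hostOf(m[1]);
    if (host && host !== pageHost) {
      findings.push({ kind: 'cross-origin-frame', detail: host });
    }
  }

  // The combination that matters: keystrokes captured page-wide while there is
  // somewhere invisible (hidden file input or foreign frame) for them to go.
  const kinds = new Set(findings.map((f) => f.kind));
  const keystrokeDiversion = kinds.has('global-key-handler') &&
    (kinds.has('hidden-file-input') || kinds.has('cross-origin-frame'));
  return { findings, keystrokeDiversion };
}

console.log(JSON.stringify(auditHtml(SAMPLE_SUSPICIOUS, 'https://games.example/'), null, 2));
```

Run it with node; the benign sample yields no findings, while the suspicious one reports all four kinds and keystrokeDiversion set to true. Treat a hit as a prompt for manual review rather than a verdict: legitimate pages use global key handlers for shortcuts and style file inputs off-screen behind custom buttons, so the combination is what raises the priority.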
|
|
|
#3
|
|
Sebastian Gottschalk wrote:
> imhotep wrote:
>
>> This issue is demonstrated to allow attackers to divert keystrokes from
>> one input form in a webpage to a hidden file upload dialog in the same
>> page. This may allow remote attackers to initiate file uploads from
>> unsuspecting users. Other attacks may also be possible.
>
> Where exactly is the vulnerability? It's the same as entering the data
> into an invisible form. It's purely PEBKAC.

PEBKAC????

>> Exploiting this issue requires that users manually type the full path of
>> files that attackers wish to download. This may require substantial
>> typing from targeted users, so keyboard-based games, blogs, or other
>> similar pages are likely to be utilized by attackers to entice users to
>> enter the required keyboard input to exploit this issue.
>
> What about keystroke sniffing across frames and domains? For IE this is
> actually told to be a feature, like any other phishing support. Now this
> is a serious problem because one can spoof the address bar on IE as well
> and you'll get the SSL lock for free.

hummmm "feature" eh? Go figures...

> <script>
> var keylog='Capturing: ';
> document.onkeypress = function () {
>   k = window.event.keyCode;
>   window.status = keylog += String.fromCharCode(k) + '[' + k +']';}
> </script>
> <frameset onLoad="this.focus();" onBlur="this.focus();" cols="100%,*">
> <frame src="https://www.paypal.com" scrolling="auto">
> </frameset>
>
> BTW, [X] Tell news!

Imhotep
|
|
|
#4
|
|
imhotep wrote:
>> Where exactly is the vulnerability? It's the same as entering the data
>> into an invisible form. It's purely PEBKAC.
>
> PEBKAC????

Problem exists between keyboard and chair.

>> What about keystroke sniffing across frames and domains? For IE this is
>> actually told to be a feature, like any other phishing support. Now this
>> is a serious problem because one can spoof the address bar on IE as well
>> and you'll get the SSL lock for free.
>
> hummmm "feature" eh? Go figures...

Don't tell me, tell Microsoft. Keystroke sniffing has been reported a year ago or so. Same goes for all other phishing stuff IE is open for, like putting a DIV layer over a frame loaded with a website from another domain.

Sebastian Gottschalk
|